DrZeroTrust

What the h*ll is quantum really?  Why should we care?  Does cracking an algorithm with quantum change the balance of power globally?  Is quantum potentially a WMD?  How can this technology be used by our government and others?  What about the banking system and quantum applications and risks?  Those questions and more on this very nerdy episode!

Checkpoint released a report on the wrap up from 2022, what can we learn from that analysis?  It's a super cool report by the way, ping me for the link!  How secure or insecure are the education systems in the US?  Can I find some glaring issues?  China wants to "work with" the UN on addressing disinformation, ok.  Lol, sure.  What do they mean?  A major shipping system is hit with ransomware, uh oh!  Orange published some research on the criminal mindset and motivations for ransomware operators.  Wow that is very interesting, but what should we take away from that research?  Norton got problems y'all, what can we learn from the problems they face?  Those points and more on this episode!

Is TikTok really a threat to national security?  Why should we be concerned about this app?  Should your kids be on this thing?  What are the implications for national security and those folks who have clearances?  Where does this all go in the next year?  What about social media and the justice system?  Are you still able to get a fair trial in today's news cycle focused world?  How does that affect our future?  Those questions and more on this one with an expert who served in the FBI!

Welcome to 2023 y'all.  Let's get into the new year by looking at some news you need to know.  A major FAA system went down and caused an outage for all of Florida.  How secure is the FAA, and what about other airport safety systems?  Surely, no misconfigurations there.  Right?  Links to study guides for OSCP cert via Reddit, pretty cool huh?  A hospital was hit with ransomware then the bad guys gave the key away for free.  What does that reveal about the business model for those threat actors?  The best example of how "useful" GDPR is, via a hack.  Lol.  Those points and more on this one!

Okta has an issue with their source code and a Github breach.  Does that matter, and if so why?  Is the FDA asking for more funding a real issue, and are they secure enough to be mandating legislation?  1password published an interesting analysis on the state of access for 2022, what can we learn from that?  What about this ChatGPT thing, how can it be useful and is it a threat?  And the most egregious example of combining marketing, social media, TikTok, and a lie that have influenced millions is discussed.  Those points and more on this episode!

Why are certs hurting the industry?  Are they really?  How much does it cost to get an entry certification?  Why so much?  Is the process for certifications fair for everyone?  Should companies have a fellowship track for non-manager technologists?  How do we get past this problem?  Is HR in the way of fixing the cyber security hiring crisis?  How hard is it to fix the problem with management and onboarding?  Could a CISO get their own job based on the HR filtering system?  Those questions and more on this episode.

Do buyers always configure vendor security solutions correctly?  Is there a magic button to push and then your organization is secure?  Do vendors have no risks or avenues of compromise?  How bad is the MSQL database security that is out there right now (think millions).  The DoD released it's strategy for Zero Trust, what should we take away from that?  Amazon is offering a security data lake recently, is that a good thing?  The White House and Starlink were hit by a threat group via a DDoS attack, so what?  And another attack on an island nation that is now working off of paper to run the government, super.  Those points and more on this episode.

A former Forrester analyst and a former Gartner analyst talk about the market and a variety of topics.  Is it a good idea for layoffs to be taking place right now in cyber as the economy takes a dive?  How will that affect our collective security?  What should you know about analyst reports like the Wave or the Magic Quadrant?  Does security product bloat actually hurt operational capabilities?  Should automation be everywhere?  How does strategy start, and where?  Why do customers still run towards point solutions, rather than broader strategic offerings?  What about the new book "The Art of Selling Cybersecurity"?  Those questions and more on this one.

Zscaler has come up with their own certification for Zero Trust.  Is that a good thing?  What else is up with Medibank and how bad is the security for the Australian government that is pushing the formation of these new "hack back" teams?  Is that even a thing?  China is using universities to plunder research and intellectual innovations from America, so what?  Why isn't that more of a problem?  Don't we have a means to address this insider threat activity?  Navigation systems for pilots were affected recently, did you hear about that on the news?  Why not?  How much financial impact can one tweet have on a major company?  It's a lot y'all.  Those questions and more on this episode.

A noted Russian "leader" openly admits to tampering with elections, does that close the book on whether or not that has happened?  An article on the Hill says that "ignorance" is the issue for legislators regarding cyber.  Is it "ignorance" or willful ignoring of the problem?  With the midterm elections going on surely I can't find potentially insecure and misconfigured election related systems?  Right?  And surely the company that has been tasked with securing those election networks isn't at risk, right?  The CIO of the US DoD will release their Zero Trust strategy in the coming weeks, what should we take away from that?  And a great article from Andy Ellis on some of the realities of being a CISO in today's business world.  Those points and more on this episode.